Search Try Aqua

Layered, Full Lifecycle Cloud Native Security Platform

Securing containerized, serverless and VM-based applications, from CI/CD pipelines to production runtime environments.
Runs on-prem or in the cloud, at any scale.

Leverages Modern SDLC to Improve Security

We secure applications before they are deployed, mitigating risk, enforcing immutability and easily detecting and blocking anomalies based on the application context.

Designed for Scale
and Performance

We built our platform for the growing needs of the world's largest enterprises. It can scan thousands of images daily, and protect clusters with thousands of nodes, with minimal performance impact.

Built for Multi-Tenant Environments

Manage multiple team deployments or multiple customer tenancies using a central console. Maintain separation of data and access, ensuring complete isolation between tenants.

Secure Once, Run Anywhere

Wherever you run your cloud-native applications, Aqua integrates with your choice of infrastructure to deliver comprehensive security and compliance.

kubernetes

windows server

ibm cloud

google cloud openshift

mesosphere

azure

rancher

PKS aws docker pivotal

Cloud Native security architecture: How Aqua fits into your environment

Hover over parts of the diagram for more information

Cloud VM Security and Compliance

Automate the security of VMs in your private, public and hybrid cloud environments, using a policy-driven approach with single-pane-of-glass visibility across containers, serverless, and VM-based workloads. Scan VMs for vulnerabilities and malware, apply File Integrity Monitoring (FIM), track user activity, and prevent VM configuration drift.

Blog

Cloud VM Security
with Aqua CSP

Vulnerability Management

Aqua scans VMs, container images and serverless functions for known vulnerabilities, embedded secrets, configuration and permission issues, malware and open-source licensing. Based on a constantly updated stream of aggregate sources (CVEs, vendor advisories, and proprietary research), we ensure up-to-date, broad coverage while minimizing false positives that often occur when using only a single source.
Any of the parameters can be used to create custom image assurance policies that prevent artifacts from being built, progressed in the CI pipeline, or run in production.

Blog

Aqua MicroScanner:
Free Image Vulnerability Scanning Plugin for Jenkins

Blog

MicroScanner: Free Image Vulnerability Scanner for Developers

Runtime Protection

Aqua prevents untrusted code from running, and ensures that VMs, containers and functions remain immutable, preventing any changes to running workloads compared with their originating images.
You can monitor and control activity in real time, based on custom policies and machine-learned behavioral profiles. Alert on or block suspicious activities and processes without killing or pausing workloads, ensuring business continuity for your critical applications.

Webinar

The Emergence of Kubernetes and the Need for Enterprise-Grade Security

eBook

Operating Kubernetes Clusters and Applications Safely

Secrets Management

Aqua securely delivers secrets to containers at runtime, encrypted in transit and at rest, loading them in memory with no persistence on disk, where they are only visible to the container that needs them. Integrate with your existing enterprise vault, such as HashiCorp, CyberArk, AWS KMS or Azure Vault, and transparently update, revoke, and rotate secrets with no need to restart containers. We also give you visibility into which secrets are being used, and in which running containers.

Aqua's integration with Vaults ›

Whitepaper

The Ultimate Guide to Secrets Management in Containers

Blog

Protecting Kubernetes Secrets:
A Practical Guide

Embedded CI/CD Scanning

Aqua provides native plug-ins as well as a CLI tool that automate image scanning within CI tools such as Jenkins, Bamboo, Azure DevOps or TeamCity. As a step in the image build, developers can view scanning results and suggested mitigation from within a familiar environment. Security teams can use this to prevent artifacts that violate policy from being built and ensure that dev teams have the information they need to secure images early on.

Blog

Aqua MicroScanner:
Free Image Vulnerability Scanning Plugin for Jenkins

Workloads Firewall

Aqua limits the "blast radius" of attacks by limiting VM, container, and serverless function networking to defined nano-segments based on application context. Automatically discover network connections and get suggested contextual firewall rules that whitelist legitimate connections based on service identity, URLs or IPs. Block or alert on unauthorized network activity.
The Aqua workloads firewall works seamlessly with popular network plugins such as Weave or Flannel, and with service meshes such as Istio.

Compliance & Auditing

Aqua makes it easy to prove compliance with regulations such as PCI-DSS and HIPAA, as well as to adhere to best practices from NIST and CIS, with out-of-the-box default policies. We help you ensure that your clusters, VMs, nodes, containers and functions are properly hardened and monitored, and provide granular event logging for everything from login attempts, to secrets use, to container start/stop events, to policy violations.
Aqua integrates with many log analysis and SIEM tools, such as Splunk, ArcSight, LogRhythm and others, to enable you to manage auditing centrally.

Platform Integrations

Aqua integrates into your existing infrastructure, making it easy to manage DevSecOps collaboration, event monitoring, logging and reporting, and incident response. With dozens of pre-built integrations, you can share alerts through Slack, open vulnerability tickets in Jira, send event data to Splunk, QRadar or ArcSight, or monitor with Datadog or Sumo Logic, as well as many others.
With full REST API access, we can easily integrate with additional systems.

VIEW ALL INTEGRATIONS ›